Operators using SS7 rely too much on trust to ensure SS7 network security. Sometimes that trust can be misplaced. Les Goldsmith
Las Vegas, Nevada (PRWEB) April 22, 2016
At the Chaos Communications Congress in 2014 Karsten Nohl from SR Labs and Tobias Engel from our own GSMK both presented on the vulnerabilities in SS7. Tobias provided a demonstration of how easy someone with SS7 access could track and listen to a cell phone user.
The demonstration was impressive but many immediately assumed it was an isolated weakness. However since December 2014 we have conducted our own penetration tests of carriers globally. The tests typically take 2-3 weeks to complete and involve pretending to be a roaming partner and trying to manipulate the target carriers devices.
The attacks tested involved:
Tracking
Call Monitoring
Reading Messages
Accessing Voicemail
Stealing Credit
& Denying Service
In April of this year ESD America presented the results of this testing at the RSA 2016 conference in San Francisco and again at the International Wireless Communications Expo in Las Vegas.
The results showed that the majority of operators tested remained vulnerable to these attacks. Despite repeated assurances from some SS7 security teams.
The demonstration by Sixty Minutes USA last weekend and the further demonstration by Sixty Minutes Australia last year show the issue still remains. ESD America wishes to advise that all is not lost..
Many operators are working with us on the issues and we have been able to stop the attacks on many networks globally. In 2016 we will continue penetration testing networks and deploying counter-measures to stop the abuse of SS7.
Requests for copies of the RSA presenattion or media enquiries regarding SS7 should be directed to oversight(at)esdamerica.com